[Samba] Properly extending the AD schema

Rowland penny rpenny at samba.org
Sat Oct 24 12:38:36 UTC 2020

On 24/10/2020 12:36, Péter Bertalan Zoltán via samba wrote:
> Hi,
> I’ve been having a lot of trouble extending the schema on our DC. After
> a few failed attempts and a few hours of researching the issue, I
> decided to seek help here.
> For context, I am trying to extend the schema to add a custom attribute
> to the Person class that would contain an IMAP login name. It didn’t
> seem reasonable to use any of the existing attributes of this class for
> this purpose without resorting to something like deciding to use an
> arbitrary, unused attribute (such as Comment or Description) to store
> this information, which didn’t really sound like a nice solution.
I take it your imap login is probably something like fred at example.org, 
if so, what is wrong with using the 'otherMailbox' attribute ?

You used:

ldbadd -H 
mycompanyTestClassAAAB.ldif --option="dsdb:schema update allowed"=true

Twice, unless it was typo.

Where on the wikipage does it say to use that format ?

It should be in this format:

ldbadd -H /var/lib/samba/private/sam.ldb mycompanyTestClassAAAB.ldif 
--option="dsdb:schema update allowed"=true

Add the attribute(s) first, then the class(es)

Never, not ever, attempt to modify the *.ldb files in the sam.ldb.d 
directory directly, use 'sam.ldb', that is what is for.


More information about the samba mailing list